Mitigating Active Shooter Risks

From “Mitigating Active Shooter Risks”
PropertyCasualty360 (08/16/17). Posted by ASIS.

Security professionals should prepare their companies for the possibility of an active shooting, as the number of incidents involving active shooters has risen steadily over the last 15 years. Keith Plaisance of Global SHE Solutions says implementing an active shooter program is similar to preparing for a fire drill, and survival depends on having a plan with three specific options: run, hide, or fight. Preparing for an active shooter scenario involves the development of a workplace violence policy and plan, emergency response plans, training, and exercises. For the workplace violence policy, the employer should establish acceptable workplace behavior, affirm the company’s commitment to take action and provide a safe workplace for employees, and address physical violence as well as threats, bullying, harassment, and weapon possession. Plaisance says a reporting mechanism should be in place letting employees know who to approach with concerns. He also recommends creating a threat assessment team within the company. Companies should test plans to determine effectiveness and identify potential problems, presenting plans to employees in regular training. Companies should also conduct a detailed physical security assessment, with the goal of denying unauthorized access and protecting property, personnel, and operations.

Microsoft PowerPoint Used as Attack Vector to Download Malware

From “Microsoft PowerPoint Used as Attack Vector to Download Malware”
Neowin (08/15/17). Reposted by ASIS.

Trend Micro researchers have discovered that a vulnerability in the Windows Object Linking and Embedding (OLE) interface is being exploited by cybercriminals through Microsoft PowerPoint in order to install malware. The interface is commonly exploited through malicious Rich Text Format (RTF) documents. The attack starts with a phishing email that contains an attachment. The message appears to be some sort of order request, with the attached file supposedly containing shipping details. The provided document is a PPSX file, which is a type of PowerPoint file that only allows the playback of the slideshow, and is not editable. Should the victim download and open it, the content will only display the text “CVE-2017-8570,” a reference to a different vulnerability for Microsoft Office. Instead, the file will launch an exploit for the CVE-2017-0199 vulnerability, and will then begin to infect the host computer with malicious code run through PowerPoint animations. A file called “logo.doc” will then be downloaded; it is an XML file with JavaScript code that runs a PowerShell command to download a new program called RATMAN.exe, a trojanized version of a remote access tool called Remcos.
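A mail-gateway triage check for attachments of the kind described above, added here as an example and not taken from the article or from Trend Micro. It assumes the remote OLE object is declared as an external relationship in the package's .rels parts; the function names, the verdict labels and both sample packages are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MAX_RELS_BYTES = 1_000_000  # do not inflate relationship parts larger than this

def external_links(package_bytes):
    """Return (part, relationship kind, target) for each external relationship."""
    found = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_RELS_BYTES or b"<!DOCTYPE" in (data := pkg.read(info)):
                found.append((info.filename, "malformed", ""))  # oversized or carries a DTD
                continue
            for rel in ET.fromstring(data).iter(f"{{{PKG}}}Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((info.filename, kind, rel.get("Target", "")))
    return found

def verdict(package_bytes):
    """'quarantine' on external OLE objects or malformed parts, 'review' on other non-hyperlinks."""
    kinds = {kind for _, kind, _ in external_links(package_bytes)}
    if kinds & {"oleObject", "malformed"}:
        return "quarantine"
    return "review" if kinds - {"hyperlink"} else "pass"

def build_sample(rels_body):
    """Constructed test input: a minimal zip holding one slide relationship part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels",
                   f'<Relationships xmlns="{PKG}">{rels_body}</Relationships>')
    return buf.getvalue()

SUSPICIOUS = build_sample(
    f'<Relationship Id="rId1" Type="{DOC}/oleObject" '
    'Target="http://download.example.invalid/logo.doc" TargetMode="External"/>')
BENIGN = build_sample(
    f'<Relationship Id="rId1" Type="{DOC}/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>'
    f'<Relationship Id="rId2" Type="{DOC}/hyperlink" Target="https://example.com/" TargetMode="External"/>')

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, verdict(sample), external_links(sample))
```

A "pass" here means only that no external object link was declared; it does not replace patching for CVE-2017-0199 or attachment sandboxing.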

Man Used Gurneys to Steal TVs, Laptops from Phoenix Hospital

From “Man Used Gurneys to Steal TVs, Laptops from Phoenix Hospital”
Campus Safety Magazine (08/04/2017) Brennan, Amy. Reposted by ASIS.

A man was allegedly caught on camera stealing three laptops and five big screen televisions from Abrazo Central Campus Hospital in Phoenix. Brian Leroy Nichols, 35, was seen on surveillance video wandering the basement of the hospital for approximately three hours, going from room to room and changing his appearance along the way. Nichols allegedly took the computers from a classroom and hid them under a staircase, covering them with a gurney mattress. At one point, he reportedly left the hospital and sold two of the laptops. The third was found in his backpack when he was apprehended by police. Once in custody, police asked Nichols about how he was able to get three televisions out of the hospital unseen. Nichols said he put the stolen televisions on a gurney and covered them with sheets. Abrazo Central Hospital officials released a statement, stating, “We are reviewing campus security footage of this incident to assist the Phoenix police department with its investigation. We are also conducting a thorough review of our campus security measures.”

Fears of Hackers Targeting U.S. Hospitals, Medical Devices for Cyber Attacks

From “Fears of Hackers Targeting U.S. Hospitals, Medical Devices for Cyber Attacks”
ABC News (06/29/17) Harris, Dan; Kapetaneas, John; Zepeda, Robert; et al. Posted by ASIS.

Hospital computers and medical devices are potentially vulnerable to hacking, according to cybersecurity experts. Among the U.S. computers affected in the Petya ransomware attack that quickly spread to countries around the world Tuesday were hospital computers. Last month, the WannaCry ransomware shut down 65 hospitals in the United Kingdom, affecting not just computers but storage refrigerators and MRI machines, and last January, Hollywood Presbyterian Hospital in Los Angeles paid out $17,000 after hackers took control of its computers. To combat this problem, doctors, security experts and government employees recently converged at the University of Arizona Medical School in Phoenix to witness the first-ever simulated hack of a hospital. “Anything that is plugged in,” whether it has a Wi-Fi connection or not, can be vulnerable to hacking, and lots of medical devices, such as pacemakers and ventilators, are connected to the Internet for the benefit of the patients, says Dr. Jeff Tully, a pediatrician and self-proclaimed hacker who organized the event and staged the cyberattack with Dr. Christian Dameff, an emergency medicine physician. Cybersecurity expert Josh Corman, who recently served on a congressional task force for the U.S. Health and Human Services Department to investigate health care systems, said these systems are easy to hack because often the computers are running “on very old, unsupported systems.” Also, hospitals need to invest more in qualified cybersecurity personnel. Corman’s team conducted a yearlong investigation and found that at least 85 percent of hospitals do not have a single qualified [cyber]security person on staff.

State Department Issues Europe Travel Alert Over ISIS Terror Threat

LAST UPDATED: MAY 1, 2017

The Department of State alerts U.S. citizens to the continued threat of terrorist attacks throughout Europe.  This Travel Alert expires on September 1, 2017.

Recent, widely-reported incidents in France, Russia, Sweden, and the United Kingdom demonstrate that the Islamic State of Iraq and ash-Sham (ISIS or Da’esh), al-Qa’ida, and their affiliates have the ability to plan and execute terrorist attacks in Europe.  While local governments continue counterterrorism operations, the Department nevertheless remains concerned about the potential for future terrorist attacks.  U.S. citizens should always be alert to the possibility that terrorist sympathizers or self-radicalized extremists may conduct attacks with little or no warning.

Extremists continue to focus on tourist locations, transportation hubs, markets/shopping malls, and local government facilities as viable targets.  In addition, hotels, clubs, restaurants, places of worship, parks, high-profile events, educational institutions, airports, and other soft targets remain priority locations for possible attacks.  U.S. citizens should exercise additional vigilance in these and similar locations, in particular during the upcoming summer travel season when large crowds may be common.

Terrorists persist in employing a variety of tactics, including firearms, explosives, using vehicles as ramming devices, and sharp-edged weapons that are difficult to detect prior to an attack.

If you are traveling between countries in Europe, please check the website of the U.S. embassy or consulate in your destination city for any recent security messages.  Review security information from local officials, who are responsible for the safety and security of all visitors to their host country.  U.S. citizens should also:

  • Follow the instructions of local authorities.  Monitor media and local information sources and factor updated information into personal travel plans and activities.
  • Be prepared for additional security screening and unexpected disruptions.
  • Stay in touch with your family members and ensure they know how to reach you in the event of an emergency.
  • Have an emergency plan of action ready.
  • Register in our Smart Traveler Enrollment Program (STEP).

We continue to work closely with our European partners and allies on the threat from international terrorism.  Information is routinely shared between the United States and our key partners to disrupt terrorist plotting, identify and take action against potential operatives, and strengthen our defenses against potential threats.

For further information:

Students traveling should see:  https://travel.state.gov/content/studentsabroad/en.html

Violence Against Health Care Workers Captures Regulators’ Attention

From “Violence Against Health Care Workers Captures Regulators’ Attention”
Business Insurance (04/26/17) Gonzalez, Gloria. Reprinted by ASIS.

The U.S. Occupational Safety and Health Administration (OSHA) is “paying close attention” to workplace violence against health care workers, according to Safety National Casualty Corp.’s Mark Walls. In 2015, there were more than 11,000 violent incidents against employees in the health care and social assistance sector — a number that is nearly as high as all other industries combined. The California Division of Occupational Safety and Health Administration Standards Board unanimously adopted the first workplace violence prevention standard for health care workers in the United States last year, with the standard taking effect April 1. General acute care hospitals, acute psychiatric hospitals, and special hospitals must report incidents of workplace violence at their facilities to Cal/OSHA. The safety regulators are then required under Senate Bill 1299 to post a report each January on the total number of incidents reported, the names of the hospital facilities, the outcomes of inspections or investigations, the citations levied against a hospital based on a violent incident, and recommendations for the prevention of violent incidents in hospitals.

Cybersecurity Firm Warns That Hackers Can Take Control of Cars

From “Cybersecurity Firm Warns That Hackers Can Take Control of Cars”
Wall Street Journal (04/13/17) Dawson, Chester. Reprinted by ASIS International.

An Israeli cybersecurity firm is raising fresh concerns about hackers taking control of moving cars, remotely shutting down an engine with the help of a smartphone app, a Bluetooth connection, and a type of device commonly plugged into ports located under vehicle dashboards. On 13 April, Argus Cyber Security Ltd. said it was able to use a so-called dongle, a device often installed by insurance companies to monitor driving patterns or by owners wanting in-vehicle Wi-Fi, to crack into a vehicle’s internal communication system. The firm triggered a signal meant to disable the fuel pump, something that normally would happen only after a collision. Argus didn’t disclose the model of car it hacked, but the breach is the latest in a series of high-profile hacks, including an incident two years ago staged by two security researchers who controlled a Jeep Cherokee via a wireless internet connection.